Consumer-facing technology fraud : economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks

Credit Card Security System and Fraud Detection Algorithm

Credit card fraud is one of the most critical threats affecting individuals and companies worldwide, particularly with the growing number of financial transactions involving credit cards every day. The most common threats are likely to come from database breaches and identity theft. All these threats threat put the security of financial transactions at severe risk and require a fundamental solution. This dissertation aims to suggest a secure online payment system that significantly improves credit card security. Our system can be particularly resilient to potential cyber-attacks, unauthorized users, man-in-the-middle, and guessing attacks for credit card number generation or illegal financial activities by utilizing a secure communication channel between the cardholder and server. Our system uses a shared secret and a verification token that allow both sides to communicate through encrypted information. Furthermore, our system is designed to generate a one-time credit card number at the user’s machine that is verified by the server without sharing the credit card number over the network. Our approach combines the machine learning (ML) algorithms with unique temporary credit card numbers in one integrated system, which is the first approach in the online credit card protection system. The new security system generates a one-time-use credit card number for each transaction with a predetermined amount of money. Simultaneously, the system can detect potential fraud utilizing ML algorithm with new critical features such as the IMEI or I.P. address, the transaction’s location, and other features. The contribution of this research is two-fold: (1) a method is proposed to generate a unique, authenticatable one-time credit card number to effectively defend against the database breaches, and (2) a credit card fraud prevention system is proposed with multiple security layers that are achieved by the integration of authentication, ML-based fraud detection, and the one-time credit card number generation. The dissertation improves consumers’ trust and confidence in the credit card system’s security and enhances satisfaction with credit cards’ various financial transactions. Further, the system uses the current online credit card infrastructure; hence it can be implemented without tangible infrastructure cost

Tutorial and Critical Analysis of Phishing Websites Methods

The Internet has become an essential component of our everyday social and financial activities. Internet is not important for individual users only but also for organizations, because organizations that offer online trading can achieve a competitive edge by serving worldwide clients. Internet facilitates reaching customers all over the globe without any market place restrictions and with effective use of e-commerce. As a result, the number of customers who rely on the Internet to perform procurements is increasing dramatically. Hundreds of millions of dollars are transferred through the Internet every day. This amount of money was tempting the fraudsters to carry out their fraudulent operations. Hence, Internet users may be vulnerable to different types of web threats, which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customers’ confidence in e-commerce and online banking. Therefore, suitability of the Internet for commercial transactions becomes doubtful. Phishing is considered a form of web threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain user’s confidential credentials such as usernames, passwords and social security numbers. In this article, the phishing phenomena will be discussed in detail. In addition, we present a survey of the state of the art research on such attack. Moreover, we aim to recognize the up-to-date developments in phishing and its precautionary measures and provide a comprehensive study and evaluation of these researches to realize the gap that is still predominating in this area. This research will mostly focus on the web based phishing detection methods rather than email based detection methods

Security of data science and data science for security

In this chapter, we present a brief overview of important topics regarding the connection of data science and security. In the first part, we focus on the security of data science and discuss a selection of security aspects that data scientists should consider to make their services and products more secure. In the second part about security for data science, we switch sides and present some applications where data science plays a critical role in pushing the state-of-the-art in securing information systems. This includes a detailed look at the potential and challenges of applying machine learning to the problem of detecting obfuscated JavaScripts

Literature Review of Credit Card Fraud Detection with Machine Learning

This thesis presents a comprehensive examination of the field of credit card fraud detection, aiming to offer a thorough understanding of its evolution and nuances. Through a synthesis of various studies, methodologies, and technologies, this research strives to provide a holistic perspective on the subject, shedding light on both its strengths and limitations. In the realm of credit card fraud detection, a range of methods and combinations have been explored to enhance effectiveness. This research reviews several noteworthy approaches, including Genetic Algorithms (GA) coupled with Random Forest (GA-RF), Decision Trees (GA-DT), and Artificial Neural Networks (GA-ANN). Additionally, the study delves into outlier score definitions, considering different levels of granularity, and their integration into a supervised framework. Moreover, it discusses the utilization of Artificial Neural Networks (ANNs) in federated learning and the incorporation of Generative Adversarial Networks (GANs) with Modified Focal Loss and Random Forest as the base machine learning algorithm. These methods, either independently or in combination, represent some of the most recent developments in credit card fraud detection, showcasing their potential to address the evolving landscape of digital financial threats. The scope of this literature review encompasses a wide range of sources, including research articles, academic papers, and industry reports, spanning multiple disciplines such as computer science, data science, artificial intelligence, and cybersecurity. The review is organized to guide readers through the progression of credit card fraud detection, commencing with foundational concepts and advancing toward the most recent developments. In today's digital financial landscape, the need for robust defense mechanisms against credit card fraud is undeniable. By critically assessing the existing literature, recognizing emerging trends, and evaluating the effectiveness of various detection methods, this thesis aims to contribute to the knowledge pool within the credit card fraud detection domain. The insights gleaned from this comprehensive review will not only benefit researchers and practitioners but also serve as a roadmap for the enhancement of more adaptive and resilient fraud detection systems. As the ongoing battle between fraudsters and defenders in the financial realm continues to evolve, a deep understanding of the current landscape becomes an asset. This literature review aspires to equip readers with the insights needed to address the dynamic challenges associated with credit card fraud detection, fostering innovation and resilience in the pursuit of secure and trustworthy financial transactions

An Examination of E-Banking Fraud Prevention and Detection in Nigerian Banks

E-banking offers a number of advantages to financial institutions, including convenience in terms of time and money. However, criminal activities in the information age have changed the way banking operations are performed. This has made e-banking an area of interest. The growth of cybercrime – particularly hacking, identity theft, phishing, Trojans, service denial attacks and account takeover– has created several challenges for financial institutions, especially regarding how they protect their assets and prevent their customers from becoming victims of cyber fraud. These criminal activities have remained prevalent due to certain features of cyber, such as the borderless nature of the internet and the continuous growth of the computer networks. Following these identified challenges for financial institutions, this study examines e-banking fraud prevention and detection in the Nigerian banking sector; particularly the current nature, impacts, contributing factors, and prevention and detection mechanisms of e-banking fraud in Nigerian banking institutions. This study adopts mixed research methods with the aid of descriptive and inferential analysis, which comprised exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) for the quantitative data analysis, whilst thematic analysis was used for the qualitative data analysis. The theoretical framework was informed by Routine Activity Theory (RAT) and Fraud Management Lifecycle Theory (FMLT). The findings show that the factors contributing to the increase in e-banking fraud in Nigeria include ineffective banking operations, internal control issues, lack of customer awareness and bank staff training and education, inadequate infrastructure, presence of sophisticated technological tools in the hands of fraudsters, negligence of banks’ customers concerning their e-banking account devices, lack of compliance with the banking rules and regulations, and ineffective legal procedure and law enforcement. In addition, the enforcement of rules and regulations in relation to the prosecution of financial fraudsters has been passive in Nigeria. Moreover, the findings also show that the activities of each stage of fraud management lifecycle theory are interdependent and have a collective and considerable influence on combating e-banking fraud. The results of the findings confirm that routine activity theory is a real-world theoretical framework while applied to e-banking fraud. Also, from the analysis of the findings, this research offers a new model for e-banking fraud prevention and detection within the Nigerian banking sector. This new model confirms that to have perfect prevention and detection of e-banking fraud, there must be a presence of technological mechanisms, fraud monitoring, effective internal controls, customer complaints, whistle-blowing, surveillance mechanisms, staff-customer awareness and education, legal and judicial controls, institutional synergy mechanisms of in the banking systems. Finally, the findings from the analyses of this study have some significant implications; not only for academic researchers or scholars and accounting practitioners, but also for policymakers in the financial institutions and anti-fraud agencies in both the private and public sectors